Information assurance (IA) is what information security people do to try and manage risks associated with information and data.
This covers the people, processes and systems that might access, store, process, and transmit it. It should be holistic, and focus on more than just technical security controls, taking on board strategic and organisational issues too.
IA should consider governance and compliance issues alongside the risk ones, paying due regard to legal, regulatory and contractual compliance.
It is not simply an IT or technical discipline where techies can work in isolation from the real world; often it requires a delicate balance where people and cultural conflicts are possible, e.g. with BYOD.
Other balances must be struck when considering aspects of privacy and transparency, weighing obligations against benefits and risks.
A good IA professional tries to rarely say no, preferring to understand what the business is trying to achieve and then working collaboratively with it to arrive at a suitable method of getting the desired result.
Those working in IA must continue to stay on top of standards and good practice, advances in technologies and emerging issues that may impact particular approaches and change risk profiles (e.g. online communications and cloud computing being targeted by foreign governments).
INFORMATION SECURITY
Most of all, they must engage positively with their business.
Working in this space is both challenging, with everything continually developing, and rewarding, especially when playing a part in defending your organisation, client or country.
www.bcs.org/security
When it comes to information assurance you need to take a wide view of the issues, says Gareth Niblett, Chairman of the BCS Information Security Specialist Group.
FURTHER INFORMATION
Information Security Specialist Group (ISSG): www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity
HOLISTIC SECURITY
doi:10.1093/itnow/bwt043
©2013 The British Computer Society
Image: iStockPhoto/168767483
24 ITNOW September 2013